Get rid of the need for deployer.pub #385

Niols · 2025-06-16T18:47:05+02:00

Niols commented

2025-06-16 18:47:05 +02:00

The tests still work because we manually write the deployer's public key in /root/.ssh/authorized_keys on the target machines. In itself, however, the configuration that we push does not allow the deployer to push anything on the target machines.

Context: Fediversity/Fediversity#361 (comment)

The tests still work because we manually write the deployer's public key in `/root/.ssh/authorized_keys` on the target machines. In itself, however, the configuration that we push does not allow the deployer to push anything on the target machines. Context: https://git.fediversity.eu/Fediversity/Fediversity/pulls/361#issuecomment-7857

Niols added 1 commit 2025-06-16 18:47:06 +02:00

Get rid of the need for deployer.pub

/ check-pre-commit (pull_request) Successful in 12s

Details

/ check-peertube (pull_request) Successful in 19s

Details

/ check-panel (pull_request) Successful in 1m7s

Details

/ check-deployment-basic (pull_request) Successful in 6s

Details

/ check-deployment-cli (pull_request) Successful in 39m13s

Details

5f02bcc123

The tests still work because we manually write the deployer's public key
in `/root/.ssh/authorized_keys` on the target machines. In itself,
however, the configuration that we push does not allow the deployer to
push anything on the target machines.

Niols referenced this pull request

2025-06-16 18:47:34 +02:00

Introduce test for deploying all services via FediPanel #361

kiara approved these changes 2025-06-16 18:51:53 +02:00

Niols merged commit 4801433ae0 into main

2025-06-17 16:34:31 +02:00

Niols referenced this pull request from a commit

2025-06-17 16:34:31 +02:00

Get rid of the need for `deployer.pub` (#385)

Niols deleted branch no-deployer-pub

2025-06-17 16:34:31 +02:00

Niols referenced this pull request

2025-06-17 16:40:00 +02:00

Introduce test for deploying all services via FediPanel #361

fricklerhandwerk reviewed 2025-06-17 17:14:47 +02:00

deployment/check/common/nixosTest.nix

					
				@ -119,7 +119,6 @@ in

				      with subtest("Configure the deployer key"):

				        deployer.succeed("""mkdir -p ~/.ssh && ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa""")

				        deployer_key = deployer.succeed("cat ~/.ssh/id_rsa.pub").strip()

				        deployer.succeed(f"echo '{deployer_key}' > ${config.pathFromRoot}/deployer.pub")

fricklerhandwerk commented

2025-06-17 13:16:51 +02:00

If we keep this line the deployer will be able to push, right? Why are we removing it?

Niols commented

2025-06-17 18:54:38 +02:00

This line only writes the public key of the deployer in another place on the deployer machine. This is not what allows the deployer to push on the targets (that would be the next three lines). This deployer.pub file used to be part of the configuration pushed onto target machines, but we aren't using that anymore.

This line only writes the public key of the deployer in another place on the deployer machine. This is not what allows the deployer to push on the targets (that would be the next three lines). This `deployer.pub` file used to be part of the configuration pushed onto target machines, but we aren't using that anymore.

👍 1

Sign in to join this conversation.

No reviewers

No milestone

No project

No assignees

3 participants

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: fediversity/fediversity#385

Rows
Columns

Get rid of the need for deployer.pub #385

Get rid of the need for `deployer.pub` #385